package com.example.springboot.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @author Administrator
 */
@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.formLogin()
                // 自定义登录页面
                .loginPage("/admin/loginCheck")
                // 登录请求的路径，与表单中的 action 一致
                .loginProcessingUrl("/admin/login")
                .usernameParameter("username")
                .passwordParameter("password")
                // 登录成功后跳转的路径
                .defaultSuccessUrl("/admin/index",true);

        // 放行静态资源
        httpSecurity.authorizeRequests()
                // 放行登录页面的路径
                .antMatchers("/admin/login","/admin/loginCheck","/modou/**").permitAll()
                // 放行静态资源的路径
                .antMatchers("/css/**", "/js/**", "/images/**").permitAll()
                // 放行登录请求的路径
                .anyRequest().authenticated();

        // 禁用 CSRF 防护
        httpSecurity.csrf().disable();

        return httpSecurity.build();
    }




}
